New research has revealed that four major data breaches – which cost over £265m in damages cumulatively, could have been prevented for as little as £9600 (collectively) with the use of bug bounty programs.
Microsoft has announced a bug bounty program for its open-source election software ElectionGuard, allowing researchers to uncover vulnerabilities and help bolster election security.
The tech giant will also be paying hackers who can find security flaws in its Portal device and in the Oculus Quest.
An eighth iteration of the Pentagon’s bug bounty program discovered a critical vulnerability in Department of Defense systems.
A Bug bounty program is also known as vulnerability rewards program (VRP) is the one where security researchers can disclose vulnerabilities and can receive recognition and compensation for reporting bugs.
The Libra Association rolls out Libra Bug Bounty Program, offering up to $10,000 for uncovering critical blockchain security issues underlying the unreleased cryptocurrency.
Facebook will start rewarding security researchers who report data abuse happening on Instagram, the company has announced. This is an expansion of Facebook’s Data Abuse Bounty program, which it introduced in April 2018.
Microsoft and Apple have both leveled up their bug bounty programs with new incentives for security researchers.
At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000.
The Singapore Government has announced a new short-term bug bounty program to for external hackers to find vulnerabilities in nine key government-run websites.
Cross-site scripting, improper authentication and information disclosure were the top three vulnerabilities found by ethical hackers in 2018.
More than 30 security issues have been fixed in VLC, the popular open source media player, with developers praising an EU-funded bug bounty program for helping produce its most secure update yet.
Four months since going public with our bug bounty program, we dive into where we’re at, what success looks like, and what to expect down the road.
Imagine crowdsourced security, with thousands of people dispersed in every time zone, available to warn your company of vulnerabilities within its websites, mobile applications, APIs or IoT devices.
Trend Micro’s Zero Day Initiative (ZDI) is asking researchers to focus on server-side vulnerabilities through a new bug bounty addition.
Though enterprises were once tentative about using so-called bug bounty programs to detect vulnerabilities, researchers are proving to be effective and trustworthy partners in assessing security risks.